Email Compromise overtakes Ransomware in Cyber insurance claims

Latest research from insurer AIG show there are more cyber insurance claims than ever before as the number of threats targeting businesses continues to rise.

Business email compromise (BEC) overtook ransomware to become the primary reason for cyber-insurance claims according to research by insurer AIG. In most cases the compromise was traced back to a phishing email containing a link or attachment. In many incidents victims were directed to a bogus login screen and credentials entered were then captured by the cyber-criminal.

Our advice is only to click on emails that you are sure came from a trusted source. This is usually payment requests and requests from the Managing Director or CEO. If you receive emails purportedly coming from another member of staff or a supplier/customer requesting a payment or amending a bank account always ring and double-check before making any payment. Do not email back as it may go straight to the hackers.

Social Engineering Threat

Attacks by criminals use social engineering to enable the creation of emails that are sufficiently accurate as to appear legitimate even to larger organisations.

The continuing influence of GDPR, which went into effect in May 2018, has also had an effect on cyber-insurance claims, with far more being made after the new legislation came into force. It was noted this could be to do with GDPR requiring all data breaches to be made public, with companies that fail to act suffering large fines – the cost of which can be offset through cyber-insurance.

Beating Cyber Crime

At Real Insurance we advise ensuring strong passwords for email accounts, using multi-factor authentication, and increasing employee training relating to security as key to helping stay secure.

Real Insurance are advising all clients to ensure they have robust cyber insurance cover in place, given the increased number of attacks and the current climate.

Please call 0330 058 0260 or contact your account handler for a complimentary cyber risk review.